package com.cntaiping.fsc.security.filter;

import com.cntaiping.fsc.core.model.BaseResponse;
import com.cntaiping.fsc.core.util.ResponseUtil;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.springframework.http.HttpHeaders;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/cntaiping/fsc/security/filter/TpHttpBasicAuthFilter.class */
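/**
 * Servlet filter that authenticates requests against one statically configured
 * username/password pair, presented either as an HTTP Basic {@code Authorization}
 * header or through a built-in HTML login form posted to {@code /login}.
 *
 * <p>The outcome of a check is cached in the HTTP session under
 * {@code TP_AUTH_FLAG_ATTR}, so later requests on an authenticated session are
 * let through without re-checking the header.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>Credentials are compared with {@link MessageDigest#isEqual(byte[], byte[])}
 *       rather than {@link String#equals(Object)}, so the comparison does not stop
 *       at the first differing character.</li>
 *   <li>The post-login redirect target ({@code _targetpage}) is accepted only when it
 *       is a server-relative path; anything else falls back to the context root.</li>
 *   <li>Every request-derived value written into the login page is HTML-escaped.</li>
 *   <li>An existing session is invalidated before a form login is evaluated.</li>
 * </ul>
 *
 * <p>{@code excludedUrls}, {@code ignoredUrls}, {@code clearSessionAndCookie} and
 * {@code LOG} are inherited from {@code AbstractAuthFilter}, which is not shown here.
 */
public class TpHttpBasicAuthFilter extends AbstractAuthFilter {
    // Passed to the parent constructor; presumably the filter's ordering value -- confirm in AbstractAuthFilter.
    private static final int order = -121;
    public static final String FORM_USERNAME_KEY = "username";
    public static final String FORM_PASSWORD_KEY = "password";
    public static final String FORM_TARGETPAGE_KEY = "_targetpage";

    // Request/session attribute holding the cached authentication result.
    private static final String AUTH_FLAG_ATTRIBUTE = "TP_AUTH_FLAG_ATTR";

    // Expected Authorization header value ("Basic " + base64(username:password)).
    // It is trivially reversible to the clear-text credentials and must never be logged.
    private final String authentication;
    protected CsrfTokenRepository csrfTokenRepository;
    private boolean enableFormLogin;
    protected RequestMatcher loginRequestMatcher;

    /**
     * Creates the filter for a single accepted credential pair.
     *
     * @param username the accepted user name
     * @param password the accepted password
     */
    public TpHttpBasicAuthFilter(String username, String password) {
        super(order);
        this.loginRequestMatcher = new AntPathRequestMatcher("/login", "POST");
        this.authentication = "Basic " + HttpHeaders.encodeBasicAuth(username, password, StandardCharsets.ISO_8859_1);
    }

    /**
     * Authenticates the request, then continues the chain, redirects after a
     * successful form login, or answers with the login page / an error response.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param filterChain the remaining filter chain
     * @throws ServletException propagated from the filter chain
     * @throws IOException propagated from the filter chain or the response
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        boolean authenticated;
        boolean formLoginWithTarget = false;
        String requestedTarget = null;

        Boolean requestFlag = (Boolean) httpServletRequest.getAttribute(AUTH_FLAG_ATTRIBUTE);
        boolean alreadyHandled = requestFlag != null && requestFlag.booleanValue();
        if (alreadyHandled || excludedUrls(httpServletRequest, this.ignoredUrls)) {
            authenticated = true;
        } else {
            HttpSession session = httpServletRequest.getSession(false);
            String credentials = httpServletRequest.getHeader("Authorization");

            // NOTE(review): a POST to /login is evaluated here even when enableFormLogin is
            // false; only the redirect below is gated on that switch -- confirm this is intended.
            if (isAuthenticationFormRequest(httpServletRequest)) {
                // Drop any pre-existing session before evaluating the login so that a
                // session id known before authentication is not reused afterwards.
                if (session != null) {
                    session.invalidate();
                }
                session = httpServletRequest.getSession(true);
                credentials = fetchBaseAuthStringByFormRequest(httpServletRequest);
                requestedTarget = obtainTargetPage(httpServletRequest);
                formLoginWithTarget = StringUtils.hasText(requestedTarget);
            }

            if (session == null) {
                authenticated = isValid(credentials);
            } else {
                Boolean sessionFlag = (Boolean) session.getAttribute(AUTH_FLAG_ATTRIBUTE);
                if (sessionFlag != null && sessionFlag.booleanValue()) {
                    authenticated = true;
                } else {
                    authenticated = isValid(credentials);
                    session.setAttribute(AUTH_FLAG_ATTRIBUTE, Boolean.valueOf(authenticated));
                }
            }
        }

        if (!authenticated) {
            clearSessionAndCookie(httpServletRequest, httpServletResponse);
            if (this.enableFormLogin) {
                sendLoginPage(httpServletRequest, httpServletResponse);
            } else {
                ResponseUtil.sendErrorResponse(httpServletRequest, httpServletResponse, new BaseResponse("0009", "Basic Auth Fail! "));
            }
            return;
        }

        if (this.enableFormLogin && formLoginWithTarget) {
            // _targetpage is a client-supplied form field. Redirecting to it unchecked would
            // let a crafted login form send an authenticated user to an arbitrary site, so
            // only server-relative paths are honoured; anything else goes to the context root.
            String destination = isLocalRedirectTarget(requestedTarget)
                    ? requestedTarget
                    : httpServletRequest.getContextPath() + "/";
            httpServletResponse.sendRedirect(destination);
        } else {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Checks a presented {@code Authorization} value against the configured one.
     *
     * @param str the presented header value, may be {@code null}
     * @return {@code true} only when the value is non-blank and identical to the configured value
     */
    private boolean isValid(String str) {
        if (!StringUtils.hasText(str)) {
            return false;
        }
        // MessageDigest.isEqual avoids the early exit of String.equals, which would
        // otherwise make the comparison time depend on how many leading characters match.
        byte[] presented = str.getBytes(StandardCharsets.UTF_8);
        byte[] expected = this.authentication.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(presented, expected);
    }

    /**
     * Tells whether a redirect target is a path on this server.
     *
     * <p>Accepted: values starting with a single {@code /}. Rejected: blank values,
     * absolute or scheme-relative URLs ({@code //host}), and anything containing a
     * backslash or a control character.
     *
     * @param target the candidate redirect target
     * @return {@code true} when the target is safe to pass to {@code sendRedirect}
     */
    private static boolean isLocalRedirectTarget(String target) {
        if (!StringUtils.hasText(target) || target.charAt(0) != '/') {
            return false;
        }
        if (target.length() > 1 && target.charAt(1) == '/') {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        return true;
    }

    /**
     * Escapes a value for use inside HTML text or a quoted HTML attribute.
     *
     * @param value the raw value, may be {@code null}
     * @return the escaped value, or an empty string for {@code null}
     */
    private static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Writes the login page with status 401. Does nothing beyond setting the status
     * when the response is already committed.
     */
    private void sendLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String page = createPage(httpServletRequest, httpServletResponse);
        httpServletResponse.setStatus(401);
        if (httpServletResponse.isCommitted()) {
            return;
        }
        // Declare the type and charset explicitly so the browser does not have to sniff
        // the body; the page itself declares utf-8 in its <meta> tag.
        httpServletResponse.setContentType("text/html;charset=UTF-8");
        try {
            httpServletResponse.getWriter().write(page);
            httpServletResponse.getWriter().flush();
        } catch (IOException e) {
            // Best effort: the client has most likely gone away; log and give up.
            this.LOG.error("返回登陆页面时发生IO异常：" + e.getLocalizedMessage(), e);
        }
    }

    /** Builds the complete HTML document around the login form. */
    private String createPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return "<!DOCTYPE html>\n"
                + "<html lang=\"en\">\n"
                + "  <head>\n"
                + "    <meta charset=\"utf-8\">\n"
                + "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
                + "    <meta name=\"description\" content=\"\">\n"
                + "    <meta name=\"author\" content=\"Liebin Zheng\">\n"
                + "    <title>Tpcloud App Login Page</title>\n"
                + "    <link type=\"text/css\" href=\"/css/bootstrap.min.css\" rel=\"stylesheet\" >\n"
                + "    <link type=\"text/css\" href=\"/css/signin.css\" rel=\"stylesheet\" />\n"
                + "  </head>\n"
                + "  <body>\n"
                + "     <div class=\"container\">\n"
                + formLogin(httpServletRequest, httpServletResponse)
                + "    </div>\n"
                + "  </body>\n"
                + "</html>";
    }

    /**
     * Builds the login form, or an empty string when form login is disabled.
     *
     * <p>The hidden {@code _targetpage} field carries the URI of the request that
     * triggered the login page, so the user can be sent back there afterwards.
     */
    private String formLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!this.enableFormLogin) {
            return "";
        }
        String contextPath = httpServletRequest.getContextPath();
        String loginUrl = contextPath + "/login";
        // getRequestURI() already contains the context path; prefixing it again would
        // produce "/ctx/ctx/..." and make the comparison with loginUrl below never match.
        String returnTo = httpServletRequest.getRequestURI();
        if (loginUrl.equals(returnTo)) {
            returnTo = contextPath + "/";
        }
        // NOTE(review): the token is generated here but this class never calls
        // saveToken(...) on the repository -- confirm that another component stores it,
        // otherwise the value rendered into the form cannot be verified on submit.
        // NOTE(review): csrfTokenRepository is only assigned through its setter; enabling
        // form login without setting it fails here with a NullPointerException.
        return "      <form class=\"form-signin\" method=\"post\" action=\"" + escapeHtml(loginUrl) + "\">\n"
                + "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
                + createError(httpServletRequest.getParameter("error") != null)
                + createLogoutSuccess(httpServletRequest.getParameter("logout") != null)
                + "        <p>\n"
                + "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
                + "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
                + "        </p>\n"
                + "        <p>\n"
                + "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
                + "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n"
                + "        </p>\n"
                + "        <p>\n"
                + targetPage(returnTo)
                + "        </p>\n"
                + "        <p>\n"
                + csrfToken(this.csrfTokenRepository.generateToken(httpServletRequest))
                + "        </p>\n"
                + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
                + "      </form>\n";
    }

    /** Renders the CSRF token as a hidden form field, with name and value HTML-escaped. */
    private String csrfToken(CsrfToken csrfToken) {
        return "          <input type=\"hidden\" name=\"" + escapeHtml(csrfToken.getParameterName())
                + "\" value=\"" + escapeHtml(csrfToken.getToken()) + "\">\n";
    }

    /**
     * Renders the return-to URI as a hidden form field. The value comes from the
     * request line, so it is escaped before being placed in the attribute.
     */
    private String targetPage(String str) {
        return "          <input type=\"hidden\" name=\"_targetpage\" value=\"" + escapeHtml(str) + "\">\n";
    }

    /** Returns the "invalid credentials" banner when {@code z} is true, else an empty string. */
    private String createError(boolean z) {
        return z ? "<div class=\"alert alert-danger\" role=\"alert\">Invalid credentials</div>" : "";
    }

    /** Returns the "signed out" banner when {@code z} is true, else an empty string. */
    private String createLogoutSuccess(boolean z) {
        return z ? "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>" : "";
    }

    /** Reads the {@code password} form parameter; may return {@code null}. */
    private String obtainPassword(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(FORM_PASSWORD_KEY);
    }

    /** Reads the {@code username} form parameter; may return {@code null}. */
    private String obtainUsername(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(FORM_USERNAME_KEY);
    }

    /** Reads the {@code _targetpage} form parameter; may return {@code null}. */
    private String obtainTargetPage(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(FORM_TARGETPAGE_KEY);
    }

    /** Tells whether the request matches the login matcher ({@code POST /login} by default). */
    private boolean isAuthenticationFormRequest(HttpServletRequest httpServletRequest) {
        return this.loginRequestMatcher.matches(httpServletRequest);
    }

    /**
     * Converts the submitted form credentials into the equivalent Basic header value
     * so that form and header logins share {@link #isValid(String)}.
     *
     * @return the header value, or {@code null} when the submitted values cannot be
     *         encoded (which {@link #isValid(String)} treats as a failed login)
     */
    private String fetchBaseAuthStringByFormRequest(HttpServletRequest httpServletRequest) {
        String username = obtainUsername(httpServletRequest);
        String password = obtainPassword(httpServletRequest);
        if (username == null) {
            username = "";
        }
        if (password == null) {
            password = "";
        }
        try {
            return "Basic " + HttpHeaders.encodeBasicAuth(username.trim(), password, StandardCharsets.ISO_8859_1);
        } catch (IllegalArgumentException e) {
            // encodeBasicAuth rejects a user name containing ':' and any character that
            // ISO-8859-1 cannot encode. Such input can never equal the configured
            // credentials, so report a failed login instead of letting the exception
            // escape the filter as a server error.
            return null;
        }
    }

    /** Sets the repository used to generate the CSRF token rendered into the login form. */
    public void setCsrfTokenRepository(CsrfTokenRepository csrfTokenRepository) {
        this.csrfTokenRepository = csrfTokenRepository;
    }

    /** Enables or disables the HTML login form and the post-login redirect. */
    public void setEnableFormLogin(boolean z) {
        this.enableFormLogin = z;
    }
}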
